From a35a3816133bd8fd75bbf51e879568a6116419ac Mon Sep 17 00:00:00 2001
From: Jan Vcelak
Date: Wed, 24 Aug 2011 18:58:25 +0200
Subject: [PATCH] fix: conversion of constraint overlay settings to cn=config is incorrect
Resolves: #733067
---
 openldap-constraint-overlay-config.patch | 81 ++++++++++++++++++++++++
 openldap.spec | 3 +
 2 files changed, 84 insertions(+)
 create mode 100644 openldap-constraint-overlay-config.patch
diff --git a/openldap-constraint-overlay-config.patch b/openldap-constraint-overlay-config.patch
new file mode 100644
index 0000000..12e9948
--- /dev/null
+++ b/openldap-constraint-overlay-config.patch
@@ -0,0 +1,81 @@
+constraint overlay: fix config emit
+
+Author: Pierangelo Masarati
+Upstream ITS: #6986
+Upstream commit: c0b669e14f4ef5b649f86bb3c1cc4ca76a00efa8
+Resolves: #733067
+
+diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c
+index fcb2830..e6a9267 100644
+--- a/servers/slapd/overlays/constraint.c
++++ b/servers/slapd/overlays/constraint.c
+@@ -145,6 +145,8 @@ constraint_cf_gen( ConfigArgs *c )
+ char *tstr = NULL;
+ int quotes = 0;
+ int j;
++ size_t val;
++ char val_buf[SLAP_TEXT_BUFLEN] = { '\0' };
+
+ bv.bv_len = STRLENOF(" ");
+ for (j = 0; cp->ap[j]; j++) {
+@@ -156,6 +158,7 @@ constraint_cf_gen( ConfigArgs *c )
+
+ if (cp->re) {
+ tstr = REGEX_STR;
++ quotes = 1;
+ } else if (cp->lud) {
+ tstr = URI_STR;
+ quotes = 1;
+@@ -164,8 +167,10 @@ constraint_cf_gen( ConfigArgs *c )
+ quotes = 1;
+ } else if (cp->size) {
+ tstr = SIZE_STR;
++ val = cp->size;
+ } else if (cp->count) {
+ tstr = COUNT_STR;
++ val = cp->count;
+ }
+
+ bv.bv_len += strlen(tstr);
+@@ -175,6 +180,15 @@ constraint_cf_gen( ConfigArgs *c )
+ bv.bv_len += cp->restrict_val.bv_len + STRLENOF(" restrict=\"\"");
+ }
+
++ if (cp->count || cp->size) {
++ int len = snprintf(val_buf, sizeof(val_buf), "%d", val);
++ if (len <= 0) {
++ /* error */
++ return -1;
++ }
++ bv.bv_len += len;
++ }
++
+ s = bv.bv_val = ch_malloc(bv.bv_len + 1);
+
+ s = lutil_strncopy( s, cp->ap[0]->ad_cname.bv_val, cp->ap[0]->ad_cname.bv_len );
+@@ -185,9 +199,13 @@ constraint_cf_gen( ConfigArgs *c )
+ *s++ = ' ';
+ s = lutil_strcopy( s, tstr );
+ *s++ = ' ';
+- if ( quotes ) *s++ = '"';
+- s = lutil_strncopy( s, cp->val.bv_val, cp->val.bv_len );
+- if ( quotes ) *s++ = '"';
++ if (cp->count || cp->size) {
++ s = lutil_strcopy( s, val_buf );
++ } else {
++ if ( quotes ) *s++ = '"';
++ s = lutil_strncopy( s, cp->val.bv_val, cp->val.bv_len );
++ if ( quotes ) *s++ = '"';
++ }
+ if (cp->restrict_lud != NULL) {
+ s = lutil_strcopy( s, " restrict=\"" );
+ s = lutil_strncopy( s, cp->restrict_val.bv_val, cp->restrict_val.bv_len );
+@@ -471,7 +489,7 @@ constraint_cf_gen( ConfigArgs *c )
+ }
+ }
+
+- ber_str2bv(c->argv[argidx], 0, 1, &ap.restrict_val);
++ ber_str2bv(c->argv[argidx] + STRLENOF("restrict="), 0, 1, &ap.restrict_val);
+
+ } else {
+ /* cleanup */
diff --git a/openldap.spec b/openldap.spec
index 8e5379e..3a30d66 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -34,6 +34,7 @@ Patch8: openldap-nss-init-threadsafe.patch
 Patch9: openldap-nss-reqcert-hostname.patch
 Patch10: openldap-nss-verifycert.patch
 Patch11: openldap-nss-memleak-free-certs.patch
+Patch12: openldap-constraint-overlay-config.patch
 # patches for the evolution library (see README.evolution)
 Patch200: openldap-evolution-ntlm.patch
@@ -138,6 +139,7 @@ pushd openldap-%{version}
 %patch9 -p1 -b .nss-reqcert-hostname
 %patch10 -p1 -b .nss-verifycert
 %patch11 -p1 -b .nss-memleak-free-certs
+%patch12 -p1 -b .constraint-overlay-config
 cp %{_datadir}/libtool/config/config.{sub,guess} build/
@@ -666,6 +668,7 @@ exit 0
 - fix: NSS_Init* functions are not thread safe (#731112)
 - fix: incorrect behavior of allow/try options of VerifyCert and TLS_REQCERT (#725819)
 - fix: memleak - free the return of tlsm_find_and_verify_cert_key (#725818)
+- fix: conversion of constraint overlay settings to cn=config is incorrect (#733067)
 * Sun Aug 14 2011 Rex Dieter - 2.4.26-1.1
 - Rebuilt for rpm (#728707)
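Review bot: `val` is declared `size_t` in the embedded `@@ -145,6 +145,8 @@` hunk but is formatted with `"%d"` in `@@ -175,6 +180,15 @@`, a format/argument mismatch that is undefined behaviour and can emit a wrong number where `size_t` is wider than `int`; `snprintf(val_buf, sizeof(val_buf), "%lu", (unsigned long)val);` (or `"%zu"` if the tree allows C99 length modifiers) would match the type. The `len <= 0` test also misses truncation, so `|| (size_t)len >= sizeof(val_buf)` belongs in the same condition. `val` is assigned only in the size and count branches of the else-if chain; those are presumably exclusive with the regex/uri/set branches, but `size_t val = 0;` would make the later `cp->count || cp->size` read defined regardless. The early `return -1` sits inside constraint_cf_gen, whose body starts and ends outside these hunks, so whether anything allocated earlier must be released on that path cannot be judged from this page.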
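Review bot: The `quotes = 1` added for regex constraints in the embedded `@@ -156,6 +158,7 @@` hunk makes the emit path in `@@ -185,9 +199,13 @@` wrap `cp->val` in double quotes, but the value is still copied verbatim with `lutil_strncopy`, so a pattern containing `"` or `\` is written unescaped. If the emitted value is later re-tokenised with quote or backslash handling (the parser is not visible here), the constraint read back from cn=config may differ from the one that was configured, which weakens or changes an enforcement rule without any error. The same holds for `restrict_val` written after ` restrict=\"`. Either escape those characters while copying and size `bv.bv_len` to match, or document the limitation above the copy, e.g. `/* value is emitted verbatim; embedded '"' and '\\' are not escaped */`.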